I have logged in the user. I have retrieved his favourite videos. But when I try to upload videos I get an error
Fatal error File to be uploaded at does not exist or is not readable.
This is the code I use to upload video
$myVideoEntry = new Zend_Gdata_YouTube_VideoEntry();
$file = '/files/trainingvideo1.mp4';
$file = realpath($file);
$filesource = $yt->newMediaFileSource($file);
$filesource->setContentType('video/mp4');
$filesource->setSlug($file);
$myVideoEntry->setMediaSource($filesource);
$myVideoEntry->setVideoTitle('Tutorial 1');
$myVideoEntry->setVideoDescription('Tutorial 1');
$myVideoEntry->setVideoCategory('Entertainment');
$myVideoEntry->SetVideoTags('testme');
$myVideoEntry->setVideoDeveloperTags(array('tester', 'test'));
$uploadUrl = 'http://uploads.gdata.youtube.com/feeds/api/users/default/uploads';
$newEntry = $yt->insertEntry($myVideoEntry, $uploadUrl, 'Zend_Gdata_YouTube_VideoEntry');
I appreciate any help.
Edit: With the information that your realpath() is returning false, we can assume that you're probably configuring zend gdata correctly and just passing in a bad file.
Here is the PHP documentation on realpath(): http://php.net/manual/en/function.realpath.php
The part that matters is:
realpath() returns FALSE on failure, e.g. if the file does not exist.
Note:
The running script must have executable permissions on all directories in the hierarchy, otherwise realpath() will return FALSE.
So at this point I would go ahead and:
Check that the file exists and your URL is correct- perhaps try using an absolute URL at first to test and build up to a relative one progressively
Check permissions on the file, make sure it is executable by all (755 unix permissions, I think)
Good Luck!
Zend Gdata Youtube Doc:
Uploading videos can be done in one of two ways: either by uploading the video directly or by sending just the video meta-data and having a user upload the video through an HTML form.
In order to upload a video directly, you must first construct a new » Zend_Gdata_YouTube_VideoEntry object and specify some required meta-data.
The code below creates a blank » Zend_Gdata_YouTube_VideoEntry to be uploaded. A » Zend_Gdata_App_MediaFileSource object is then used to hold the actual video file. Under the hood, the » Zend_Gdata_YouTube_Extension_MediaGroup object is used to hold all of the video's meta-data. The $uploadUrl is the location where the new entry gets posted to. This can be specified either with the $userName of the currently authenticated user, or, alternatively, you can simply use the string 'default' to refer to the currently authenticated user.
$yt = new Zend_Gdata_YouTube($httpClient);
$myVideoEntry = new Zend_Gdata_YouTube_VideoEntry();
$filesource = $yt->newMediaFileSource('mytestmovie.mov');
$filesource->setContentType('video/quicktime');
$filesource->setSlug('mytestmovie.mov');
$myVideoEntry->setMediaSource($filesource);
$myVideoEntry->setVideoTitle('My Test Movie');
$myVideoEntry->setVideoDescription('My Test Movie');
// Note that category must be a valid YouTube category !
$myVideoEntry->setVideoCategory('Comedy');
// Set keywords, note that this must be a comma separated string
// and that each keyword cannot contain whitespace
$myVideoEntry->SetVideoTags('cars, funny');
// Optionally set some developer tags
$myVideoEntry->setVideoDeveloperTags(array('mydevelopertag',
'anotherdevelopertag'));
// Optionally set the video's location
$yt->registerPackage('Zend_Gdata_Geo');
$yt->registerPackage('Zend_Gdata_Geo_Extension');
$where = $yt->newGeoRssWhere();
$position = $yt->newGmlPos('37.0 -122.0');
$where->point = $yt->newGmlPoint($position);
$myVideoEntry->setWhere($where);
// Upload URI for the currently authenticated user
$uploadUrl =
'http://uploads.gdata.youtube.com/feeds/users/default/uploads';
// Try to upload the video, catching a Zend_Gdata_App_HttpException
// if available or just a regular Zend_Gdata_App_Exception
try {
$newEntry = $yt->insertEntry($myVideoEntry,
$uploadUrl,
'Zend_Gdata_YouTube_VideoEntry');
} catch (Zend_Gdata_App_HttpException $httpException) {
echo $httpException->getRawResponseBody();
} catch (Zend_Gdata_App_Exception $e) {
echo $e->getMessage();
}
To upload a video as private, simply use: $myVideoEntry->setVideoPrivate(); prior to performing the upload. $videoEntry->isVideoPrivate() can be used to check whether a video entry is private or not.
Source: http://framework.zend.com/manual/en/zend.gdata.youtube.html
Related
I have some encrypted responses that I convert to a Zip file in my Laravel application. The function below downloads the API response, saves it as a Zip file, and then extracts it while I read the folder's contents. In my local environment, it works well. However, the Zip file is not getting saved to the storage folder on the live server. No error is being shown, only an empty JSON response. Please, what could be the cause?
public function downloadZipAndExtract($publication_id, $client_id)
{
/* We need to make the API call first */
$url = $this->lp_store."clients/$client_id/publications/$publication_id/file";
$file = makeSecureAPICall($url, 'raw');
// Get file path. If file already exist, just return
$path = public_path('storage/'.$publication_id);
if (!File::isDirectory($path)) {
Storage::put($publication_id.'.zip', $file);
// Zip the content
$localArchivePath = storage_path('app/'.$publication_id.'.zip');
$zip = new ZipArchive();
if (!$zip->open($localArchivePath)) {
abort(500, 'Problems experienced while reading file.');
}
// make directory with the publication_id
// then extract everything to the directory
Storage::makeDirectory($publication_id);
$zip->extractTo(storage_path('app/public/'.$publication_id));
// Delete the zip file after extracting
Storage::delete($publication_id.'.zip');
}
return;
}
First thing I'd check is if the storage file is created and if it isn't created, create it. Then I'd look at your file permissions and make sure that the the groups and users permissions are correct and that you aren't persisting file permissions on creation. I've had many instances where the process that's creating files(or trying) is not in the proper group and there is a sticky permission on the file structure.
i have a download function receiving the filename by $_GET and i want to prevent users of downloading other files changing the path and accessing other files in the system.
method:
function actionDownload($arquivo) {
try {
$filepath = \Yii::getAlias('#webroot') . '/files/coordenadas/'. $arquivo;
if (file_exists($filepath)){
return \Yii::$app->getResponse()->sendFile(\Yii::getAlias('#webroot') . '/files/coordenadas/'. $arquivo, $arquivo);
}
}
catch (\Exception $exception) {
throw new NotFoundHttpException("Arquivo não encontrado");
}
}
the route to download the method:
http://example.com/converter-coordenadas/download?arquivo=geografica-utm-20200830171051.xlsx
if someone change the arquivo variable to another valid path it will be able to download other files. How prevent that, but keeping the function receiving the file name in a url param?
the situation that i have is:
the user upload a file through ajax
i convert this file and return the filename
create a download button with the link to the new file.
I don't have any other information to make a relation with the file, like an user id.
As #GetSet explained in the comments, the biggest problem is procedural. One way to do this correctly is as follows:
Upload the file to your server and save the reference in database (you already doing) and generate an unique ID for this file (or for this download). This ID will be saved in a database field, for example with the name: "donwload_id"
Then in the view (when you are creating the link for the download):
Html::a('Download', [Url::to('donwload-action'), 'download_id' => $model- >download_id]);
In your controller, You will know how to find the file by its unique identifier (download_id).
No one knows how you have generated this ID and therefore it is more difficult for anyone to be able to generate it again. Also you can limit the time available to download the file by setting an expiration date to the link.
I will completely clarify my question, sorry to everybody.
I have code writed in files from a website that now is not working, the html code is on pages with php extension, in a folder of a Virtual Host in my PC using Wampserever. C:\wamp\1VH\PRU1, when the site was online there was a folder where was a file called image.php. This file was called from other pages inside the site like this: (a little code of a file, C:\wamp\1VH\PRU1\example.php)
"<div><img src="https://www.example.com/img/image.php?f=images&folder=foods&type=salads&desc=green&dim=50&id=23" alt="green salad 23"></div>"
And the result was that the images was showed correctly.
Now, like i have this proyect in local, and i HAVE NOT the code of that image.php file i must to write it myself, this way the images will be showed the same way that when the site was online.
When the site was online and i open a image returned by that image.php file the URL was, following the example, https://example.com/images/foods/salads/green_50/23.png.
Now how the site is only local and i have not that image.php file writed because i'm bot sure how to write it, the images obviously are not showed.
In C:\wamp\1VH\PRU1\example.php the code of files was changed deleting "https://www.example.com/img/image.php?" for a local path "img/image.php?".
And in the same folder there is anothers: "img" folder (here must be allocated the image.php file), and "images" folder, inside it /foods/salads/green_50/23.png, 24.png.25.png..............
So i have exactly the same folder architecture that the online site and i changed the code that i could only, for example replacing with Jquery "https://www.example.com/img/image.php?" for "img/image.php?" but wich i can not do is replace all the code after the image.php file to obtain a image file.
So i think that the easiest way to can obtain the images normally is creating that IMAGE.PHP file that i have not here in my virtual host.
I'd like to know how to obtain the parameters and return the correct URL in the image,php file.
The image of the DIV EXAMPLE must be C:/wamp/1VH/PRU1/images/foods/salads/green_50/23.png
I have in my PC the correct folders and the images, i only need to write the image.php file.
Note that there are "&" and i must to unite the values of "desc=green&dim=50&" being the result: green_50 (a folder in my PC).
TVM.
You probably want something like this.
image.php
$id = intval($_GET['id']);
echo '<div><img src="images/foods/salads/green_50/'.$id.'.png" alt="green salad '.$id.'"></div>';
Then you would call this page
www.example.com/image.php?id=23
So you can see here in the url we have id=23 in the query part of the url. And we access this in PHP using $_GET['id']. Pretty simple. In this case it equals 23 if it was id=52 it would be that number instead.
Now the intval part is very important for security reasons you should never put user input directly into file paths. I won't get into the details of Directory Transversal attacks. But if you just allow anything in there that's what you would be vulnerable to. It's often overlooked, so you wouldn't be the first.
https://en.wikipedia.org/wiki/Directory_traversal_attack
Now granted the Server should have user permissions setup properly, but I say why gamble when we can be safe with 1 line of code.
This should get you started. For the rest of them I would setup a white list like this:
For
folder=foods
You would make an array with the permissible values,
$allowedFolders = [
'food',
'clothes'
'kids'
];
etc...
Then you would check it like this
///set a default
$folder = '';
if(!empty($_GET['folder'])){
if(in_array($_GET['folder'], $allowedFolders)){
$folder = $_GET['folder'].'/';
}else{
throw new Exception('Invalid value for "folder"');
}
}
etc...
Then at the end you would stitch all the "cleaned" values together. As I said before a lot of people simply neglect this and just put the stuff right in the path. But, it's not the right way to do it.
Anyway hope that helps.
You essentially just need to parse the $_GET parameters, then do a few checks that the file is found, a real image and then just serve the file by setting the appropriate content type header and then outputting the files contents.
This should do the trick:
<?php
// define expected GET parameters
$params = ['f', 'folder', 'type', 'desc', 'dim', 'id'];
// loop over parameters in order to build path: /imagenes/foods/salads/green_50/23.png
$path = null;
foreach ($params as $key => $param) {
if (isset($_GET[$param])) {
$path .= ($param == 'dim' ? '_' : '/').basename($_GET[$param]);
unset($params[$key]);
}
}
$path .= '.png';
// check all params were passed
if (!empty($params)) {
die('Invalid request');
}
// check file exists
if (!file_exists($path)) {
die('File does not exist');
}
// check file is image
if (!getimagesize($path)) {
die('Invalid image');
}
// all good serve file
header("Content-Type: image/png");
header('Content-Length: '.filesize($path));
readfile($path);
https://3v4l.org/tTALQ
use $_GET[];
<?php
$yourParam = $_GET['param_name'];
?>
I can obtain the values of parameters in the image.php file tis way:
<?php
$f = $_GET['f'];
$folder = $_GET['folder'];
$type = $_GET['type'];
$desc = $_GET['desc'];
$dim = $_GET['dim'];
$id = $_GET['id'];
?>
But what must i do for the image:
C:/wamp/1VH/PRU1/images/foods/salads/green_50/23.png
can be showed correctly in the DIV with IMG SRC atribute?
I created one folder and inside that folder I've created 2 text files, with some text inside. I can also list the files and get the text in them without problems. Now I am trying to update the text inside of that files, but I am always getting this error:
"domain": "global",
"reason": "fieldNotWritable",
"message": "The resource body includes fields which are not directly writable."
I created a function similar to the one presented in https://developers.google.com/drive/v2/reference/files/update.
I used this example because in version v3, Google don't present any example, and I can't find anything that can help me in this. My function is below.
function updateFile ($service, $fileId, $newTitle, $newDescription, $newMimeType, $text) {
try {
// First retrieve the file from the API.
$file = $service->files->get($fileId);
// File's new metadata.
$file->setName($newTitle);
$file->setDescription($newDescription);
$file->setMimeType($newMimeType);
// File's new content.
$additionalParams = array(
'data' => $text,
'uploadType' => 'media'
);
// Send the request to the API.
$updatedFile = $service->files->update($fileId, $file, $additionalParams);
return $updatedFile;
} catch (Exception $e) {
print "An error occurred: " . $e->getMessage();
}
}
Thank you in advance.
Based from this SO answer, on v3, using update like that throws the error fieldNotWritable.
The solution is to create an empty File setting only the new values:
File newContent = new File();
newContent.setTrashed(true);
service.files().update(fileId, newContent).execute();
Note: File refers to com.google.api.services.drive.model.File (it is not java.io.File).
Also, based from this documentation, you can see that shared isn't a writable field. You can share a file by adding a new permission, and you can check if a file has been shared by reading the shared property. But saying a file is shared, other than by actually sharing it, makes no sense. [Source.]
I am using TinyMCE as a WYSIWYG editor.
It is working perfectly, except for the image upload directory. I want each user to have their own directory in the images directory, but I cannot get it to work.
I am passing the user id in the URL and have tried adding the code to get it from the URL in the config.php file where the directories are defined, but the $user_id value remains empty.
Any assistance would be great.
The URL:
http://mydomain.co.za/index.php?user_id=1
The Code:
<?php
$user_id= htmlspecialchars($_GET["user_id"]);
// The URL that points to the upload folder on your site.
// Can be a relative or full URL (include the protocol and domain)
$imageURL = 'http://mydomain.co.za/images/'.$user_id;
// Full upload system path. Make sure you have write permissions to this folder
$uploadPath = '/home/username/public_html/editor/images/'.$user_id;
//We create the directory if it does not exist - you can remove this if you consider it a security risk
if(!is_dir($uploadPath)) {
mkdir($uploadPath,0755,true);
}
//Create thumb directory if doesn't exist
if(!is_dir($uploadPath . 'thumbnail')) {
mkdir($uploadPath . 'thumbnail',0755,true);
}
//Allowed extenstions
$allowedExtensions = array('jpg','gif','jpeg','bmp','tif','png');
//Maximum upload limit
$sizeLimit = 2 * 1024 * 1024;
function isAuth() {
//Perform your own authorization to make sure user is allowed to upload
return true;
}
Is it possible the reason is because it is not in the main php file?
Or Can I get the variable from the URL?
They suggested on their Instructions that I add $userId = Auth::getId(); but id returns an empty value. Plus I have no idea what that command is executing.
PLEASE NOTE:
the file management is being done by TinyMCE Image Uploader & Manager
UPDATE:
By adding the $actual_link = "http://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]"; echo $actual_link; I noticed by the time the $_GET command is rung the URL has changed to http://mydomain.co.za/tinymce/plugins/lioniteimages/connector/php/gallery.php, but in the browser URL bar, the URL is still the same with the variable.
Is there anyway to access that URL instead of the one i am getting?
I found the solution.
Simple enough, just created a session and the problem was solved.
I was able to get the variable from the session.